Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-26619

CVE-2025-26619: Vega-functions XSS Vulnerability

CVE-2025-26619 is a cross-site scripting (XSS) vulnerability in Vega-functions that allows unauthorized JavaScript execution through the expression language. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2025-26619 Overview

CVE-2025-26619 affects Vega, a visualization grammar used to create declarative interactive visualizations. In vega 5.30.0 and lower, and in vega-functions 5.15.0 and lower, attackers can call JavaScript functions from the Vega expression language that were not meant to be exposed. The issue stems from the getScale helper accepting a function argument in addition to a scale name, enabling arbitrary function invocation through crafted expressions. The maintainers patched the flaw in vega5.31.0 and vega-functions5.16.0. The vulnerability is categorized under [CWE-79] Cross-Site Scripting in the NVD record.

Critical Impact

Attackers who supply Vega specifications can invoke unintended JavaScript functions via the expression language, leading to script execution in the rendering context.

Affected Products

  • vega versions 5.30.0 and lower (Node.js)
  • vega-functions versions 5.15.0 and lower (Node.js)
  • Applications embedding Vega expression interpreter with untrusted specifications

Discovery Timeline

  • 2025-03-27 - CVE-2025-26619 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-26619

Vulnerability Analysis

Vega exposes an expression language used inside visualization specifications. Expressions can reference scales through helper functions such as scale, invert, and gradient. The getScale utility in packages/vega-functions/src/scales.js accepted either a string scale name or a function reference. When a function was passed, getScale returned it directly, allowing the expression engine to invoke arbitrary callables that authors of the API did not intend to expose.

Because Vega specifications are frequently sourced from user input, embedded dashboards, or shared notebooks, an attacker controlling a specification can reach JavaScript functions that would normally be gated. The result is script execution capability inside the page or Node.js context that renders the visualization, mapped to [CWE-79] due to the common browser-based rendering scenario.

Root Cause

The root cause is permissive type handling in getScale. The pre-patch implementation checked with isFunction(nameOrFunction) and returned the function unchanged, bypassing the scale registry lookup that would otherwise validate the identifier through isRegisteredScale.

Attack Vector

Exploitation requires an attacker to supply a crafted Vega specification that is rendered by a vulnerable version. User interaction is required, consistent with how visualization payloads are loaded in a browser. Successful exploitation yields low-impact confidentiality and integrity effects on the subsequent rendering context.

javascript
// Security patch in packages/vega-functions/src/scales.js
 import {ScalePrefix} from './constants';
 import {scaleVisitor} from './visitors';
 import {Literal} from 'vega-expression';
-import {isFunction, isString, stringValue} from 'vega-util';
+import {isString, stringValue} from 'vega-util';
 import {isRegisteredScale} from 'vega-scale';
 
-export function getScale(nameOrFunction, ctx) {
+/**
+ * Name must be a string. Return undefined if the scale is not registered.
+ */
+export function getScale(name, ctx) {
 
-  if (isFunction(nameOrFunction)) {
-    return nameOrFunction;
-  }
-
-  if (isString(nameOrFunction)) {
-    const maybeScale = ctx.scales[nameOrFunction];
+  if (isString(name)) {
+    const maybeScale = ctx.scales[name];
     return (maybeScale && isRegisteredScale(maybeScale.value)) ? maybeScale.value : undefined;
-
   }
 
   return undefined;
// Source: https://github.com/vega/vega/commit/8fc129a6f8a11e96449c4ac0f63de0e5bfc7254c

The patch restricts getScale to string inputs and removes the function passthrough. A companion change in scale-gradient.js guards the callsite so only test callers can pass a function directly.

Detection Methods for CVE-2025-26619

Indicators of Compromise

  • Vega or Vega-Lite specifications that reference identifiers resolving to global JavaScript functions rather than registered scale names.
  • Runtime errors or unexpected function invocations originating from vega-functions scale helpers such as scale, invert, or gradient.
  • Loading of Vega specifications from untrusted sources into pages that use the default vega.expressionInterpreter.

Detection Strategies

  • Inventory front-end and Node.js dependencies for vega <= 5.30.0 and vega-functions <= 5.15.0 using software composition analysis.
  • Review server-side logs for endpoints that accept user-supplied Vega or Vega-Lite JSON and correlate with client-side JavaScript errors.
  • Inspect Content Security Policy reports for script-src violations tied to visualization rendering routes.

Monitoring Recommendations

  • Alert on new Vega specifications introduced from external sources or authenticated users into shared dashboards.
  • Monitor browser telemetry for anomalous DOM or eval-like activity on pages that embed visualizations.
  • Track dependency updates in package manifests to confirm remediated versions are deployed.

How to Mitigate CVE-2025-26619

Immediate Actions Required

  • Upgrade vega to 5.31.0 or later and vega-functions to 5.16.0 or later across all applications.
  • Audit downstream libraries such as vega-lite and embedded dashboards for transitive dependencies on vulnerable versions.
  • Restrict who can submit Vega specifications until patched versions are deployed.

Patch Information

The fix is available in vega5.31.0 and vega-functions5.16.0. Refer to the GitHub Security Advisory GHSA-rcw3-wmx7-cphr and the upstream commit 8fc129a for details.

Workarounds

  • Run vega without vega.expressionInterpreter. This mode is slower and not enabled by default.
  • Use the interpreter described in CSP (Content Security Policy) safe mode, which prevents arbitrary JavaScript from executing.
  • Sanitize or reject Vega specifications submitted by untrusted users until upgrades are complete.
bash
# Upgrade to patched versions via npm
npm install vega@^5.31.0 vega-functions@^5.16.0

# Verify installed versions
npm ls vega vega-functions

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.